x/vulndb: potential Go vuln in codeberg.org/forgejo/forgejo: CVE-2023-49947 #2373

GoVulnBot · 2023-12-03T20:01:24Z

CVE-2023-49947 references codeberg.org/forgejo/forgejo, which may be a Go module.

Description:
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.

References:

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: codeberg.org/forgejo/forgejo
      vulnerable_at: 1.17.3
      packages:
        - package: n/a
cves:
    - CVE-2023-49947
references:
    - web: https://forgejo.org/2023-11-release-v1-20-5-1/
    - fix: https://codeberg.org/forgejo/forgejo/commit/44df78edd40076b349d50dc5fb02af417a44cfab

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-12-07T23:09:58Z

Change https://go.dev/cl/547979 mentions this issue: data/excluded: batch add 11 excluded reports

gopherbot · 2024-06-14T17:47:42Z

Change https://go.dev/cl/592764 mentions this issue: data/reports: unexclude 31 reports

tatianab self-assigned this Dec 4, 2023

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Dec 7, 2023

gopherbot closed this as completed in dc6f836 Dec 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in codeberg.org/forgejo/forgejo: CVE-2023-49947 #2373

x/vulndb: potential Go vuln in codeberg.org/forgejo/forgejo: CVE-2023-49947 #2373

GoVulnBot commented Dec 3, 2023

gopherbot commented Dec 7, 2023

gopherbot commented Jun 14, 2024

x/vulndb: potential Go vuln in codeberg.org/forgejo/forgejo: CVE-2023-49947 #2373

x/vulndb: potential Go vuln in codeberg.org/forgejo/forgejo: CVE-2023-49947 #2373

Comments

GoVulnBot commented Dec 3, 2023

gopherbot commented Dec 7, 2023

gopherbot commented Jun 14, 2024